Details of another big ransomware group 'Trickbot' leak online, experts say

1 minute read

Figurines with computers and smartphones are seen in front of the words "Cyber Attack", binary codes and the Ukrainian flag, in this illustration taken February 15, 2022. REUTERS/Dado Ruvic/Illustration

Register now for FREE unlimited access to

WASHINGTON, March 4 (Reuters) - A week after the notorious Russia-based extortionist gang Conti was humbled when reams of data on its internal chats were published online, a second group - Trickbot - appears to have been hit by a leak as well.

Detailed information purportedly about this second ransomware gang has appeared online, experts said late on Thursday, more evidence that groups with alleged Russian ties have been targeted for exposure in recent days.

Identifying details of purported gang members spread by a Twitter account calling itself "TrickbotLeaks" began percolating across the web on Thursday.

Register now for FREE unlimited access to

The account was suspended and Reuters could not immediately verify the authenticity of the information, but experts said the details being published aligned with their understanding of the group.

"It overlaps – largely overlaps - with our research," said Vitali Kremez, the chief executive of Florida-based cybersecurity firm AdvIntel.

Kremez, who says he is in touch with a Ukrainian researcher alleged to be responsible for the earlier leak of Conti correspondence, said the drumbeat of disclosures appeared to have been in one way or another triggered by the Russian invasion of Ukraine. read more

"All the gloves are off" in the Russian cybercriminal sphere, Kremez said.

Register now for FREE unlimited access to
Reporting by Raphael Satter; Editing by Howard Goller

Our Standards: The Thomson Reuters Trust Principles.